Bitdefender Cannot Detect The New WHQL Rootkits

wwwab
edited November 2022 in Security Research Team

I recently discovered the new WHQL Rootkits. Bitdefender and many other anti-virus software providers still cannot detect them. Due to the large number of files and their total size, I can't submit them to Bitdefender according to the normal process. I've tried to contact them via cases that haven't been closed before, but they seem to be out of working hours.

Hash:

f3b017cf469aa4e76b1e9b67c6462a0b5d9ebbfc550c1bf3f65e9ccdf88f2447

d6f7fd346cafc4e7e2227a5ef8dd9ddbbdd83dbc5d139734b03e2c404509cd06

6bf7fb60c2c93dc17ba5dbf24f63d1ede4615fc53e3f6643bd676f2e9c9d4c2b

2088764efe780fcde3a7623b330e8319280c26e481bed8fc3e8726bfddc1ea53

a82794500932cd286b88fec79a8b0e6d9121b135e531da8552333ebb87da834f

547eb802e7bbf40ce6b5e219baad84152677653e92eaefeee7ce4226cf312058

342d7d819f869870a677a3670bbe520fb89389b63c5dd6c68b80fb63117463d3

a1be29cd2a06867c14dca5a621eb73a5428d6a31bbd4182d350e46775ad80cdf

ee75bbe10675a7b8e90072cfac182d65963d927778f0d4c477f6ccc5c9570ac3

b1fde38dcf163f7724ec240d7441b5b75386e9199ecd80dd878bfd9bff6b823b

b7a9bed4c0f1aed75ffc5d2ba14463a8e9b6144c9f07ab4d7c60b127ee145211

8501d07f3834192ed16badc423120445cd15581779020646e1671b5ac81e2fbf

b28abf0b11ed44661b77594430919e8e269169568931d1e530342ac149fb33e6

0522751131368fa007f8ed52209a5b9b4583b82c3fa9af20ad82d575f2c6e711

f9d9d22b9c19f45b8ba74b556a959990586fd2c10f962af34e49d12b94d5d35b

a2d1bfc6686f97d82ff7a7c2e027dd7fdb75a86531c28ed827652722c43e4ee8

d38a206431cdf0ccf3520240a91831e8222f9cf8ecb7104361079eca96c155a4

e398b3818cb784c6efb6b2e80a265429b417ac693f35a3ba155baabab7445511

6c6dbcd53a7e6a4e0dd1458cb417ef472afbb178d457481eda8f85561b9debd4

51f9f9338eb97e9a06d8e78fc7ba61c0e62484bd179b321c4f31c3e69d8ddf84

a0cf4ca6570a7442cce8ea98b62df060ecafc7d8498667d07674b29aaf9b225a

be85725cacdcd1377bd79459c003b3a1b9e2e35ba30544560c19f6634259791a

e20a485993086dec457dff824e8ca7053f6b3cbc75117d63e87c79d537c05c5b

0aa222fe91919a0c9f477d4c68af4de9cffdaf1cc63d96ee7e137a3aaef69530

55b20056f002a1746d73e8b874f1d20c4d179bf5455b9268dc286f2da6b83db2

80951e2f257d8c6b1f94e1c298144a1b4d928399b028fec3eddad2354fbe9773

e1e2b29c575fce4fc8f8a43cc3b13ee31b70acf3336db07b99cfa5bfbf6643cf

b051703a9c6851960849d4fea3311892d4fc3681d6fd2e23d7861f006f2fbfa2

9914a6f768631be401f2af9dd4d36056ecca55d62751aece05ccc2dc0993862e

081e37847d8916cf28b2f8ec172208898bb3b8f44dd5ad97470ca915dadf2f72

9d05061c3b7a62ae365639e0532b4ac6226e3bdd6e9caf0a1166ef80829356bb

Comments

  • Flexx (Defender of the month mod)

    The hashes have been shared with the malware researchers. The post will be updated once an update is received.

    Regards

    OMEN Laptop 15-en1037AX (Bitdefender Total Security) & Samsung Galaxy S22 Ultra (Bitdefender Mobile Security)

  • Thank you @Flexx! 🤜🤛

  • Flexx (Defender of the month mod)
    edited November 2022

    The sent hashes are malicious and detection will be added soon.


    Regards

    OMEN Laptop 15-en1037AX (Bitdefender Total Security) & Samsung Galaxy S22 Ultra (Bitdefender Mobile Security)

  • wwwab
    edited November 2022

    Well done. This is really good news. Thank you.


    Regards

  • Gjoksi (DEFENDER OF THE YEAR 2022 ✭✭✭✭✭)

    Thanks to @wwwab, ESET can now detect them as malicious:

    Also, this stands for the other security vendors, which now detect them as malicious:

    Kind regards.

  • Hi @Flexx

    d93c406fddb17234b31ac7767b145420b8cc74eb33c8df4ada32bcfb271ddea5

    5cd02b515762b7b07771ed6f1b538fdf0962b83940804a52a1bdfe821fec3ed7

    New samples of the WHQL RootKits Bitdefender cannot detect.

    Regards

  • Flexx (Defender of the month mod)
    edited November 2022

    Sorry, was on a long holiday.

    Shared the hashes with the malware research team. In future, you can also share the hashes with @Alexandru_BD or @Mike_BD and they will share them with the malware researchers directly and can provide faster resolution on this, since they both work for Bitdefender.

    Regards

    OMEN Laptop 15-en1037AX (Bitdefender Total Security) & Samsung Galaxy S22 Ultra (Bitdefender Mobile Security)

  • Hi @Flexx


    "9beca954da15bd7abfa3389e63af322361a12b7616a734d31d9aecef71f84fad",

    "4b267203d6cbe5ca72f9f47446153ab62a2f99a0ae0788173cfefe61ba936f6d",

    "f2401dd344ef5c65ad674c45e4a5dbc911b0cc6d0c757bd413ffbe715422e080",

    "a46c0cce3b4085d148ce29787509166069a329b044077e7a39c5b0834a2de24d",

    "2e25a5399bf56768684297709e6cce6d12f3a456afccd9954e490a1d6c524603",

    "c823ed1e83337cddb9e43409ed92681590b6d2a251058b221734864233878c92",

    "7bf425b214d0306bd5f9a5855f9bdd5895c523be74f672c346f5d2c859a42fe2",

    "c444e1c6238b13e4e3d6f85269ba721b00460e4252f0b3f7001e859d780248c3",

    "f80246ad1cd3f34b190b5261c3ac3db0496d3e40a38b34203ce02c5ffdd4b46a",

    "07d09c2b6dcd61eb5885bf2a43dbf34e4e18a173c286e5f75adb6cdd7af0a8c6",

    "621fc2c2ca7d6eecb4569d35a5a3d435281862cec803b7f4f8c06199bc6326c8",

    "7987432e06ede9ac618fba0091f5d632e44c48661f298f4010f00a4ca8fb1f14",

    "7a0668988a45cd03dfcf9989e8449bcb02bfb946f95cb3e0faea7c048bfe4995",

    "e470778d290283465993dbccd3c3dc5b1a9a3f84fdc50a8d3537d069ba24f477",

    "c7c03242d68ae59a0d6ae06863d019cb7a1c26bd11334431311df0d5db45753a",

    "0a6116a00f97f37499da064234901c8a4e99a271318724416ff0634846463351",

    "62838d2ed5ea996375e0e6a29b00a6213cc25e89935ef5582cd9c0ebea527558",

    "96a5843d1283647ec94cf77e2197ffd07f909b7cdf3f30e18314a97d9f903e91",

    "874198939fe87d0986fefd97619021e2bfae3e203e0839d5a3b4fec85117567b",

    "14021b3a6eaca0718a03c39b602e12aea2e78d70e0a33dcb3fcc8c66d4f2e167",

    "c27c5b331e8d6410631a03118b49672edc40fd84abd2e4dbdc18db03b9ee9eed",

    "d786c5b9d8c9509d5b52c052534fc747ef604da6ddf34a8207e5fdcd1fd09ff7",

    "91262198d13ea2fe6264c898bd6fcf8f7e3cdebdb144d73adbad6bf13c5d6152",

    "6f7571785987bae5218088860a08c68f8e1fcb82aea48dfe2db4a2a45bf1c0a2",

    "c02b7979be0d931878e35b58223d3bb05fd7913495051c6a9a56b77e96c15cd1",

    "976e74a800fb3905911d6e3701d89bb4b722b067a7f199b0020b8cfafeaa5118",

    "12003a563b4e85a91e71d9c2084e13850a17bd4cac822ef7a592ef1c5302807d",

    "8054bb07b1839bbbb6086cfe95d35f9cc29bc178486e7553d706673ca32fd6a7",

    "7a16217ab07fc6449182071d25612f2be61fb8453382632ade5c566c67853c36",

    "996434920b27f2534fd1197810f391e5d8899dfde94500517b7632f17a8d3d8b",

    "592d4056b36cf298da2403a6afb9a52162f1f377085ca75d11a09bc2f5ae5434",

    "ba96f697c7da94fdc27a9c57292ed82f08f8d6e0e119794a40904cc7d10d0a71",

    "827ff254a8f16247e1e67e756691b4ccbacc6dabc532468e54d3f83ec1f38c26",

    "e000c25ca6138e9bf54528a5f1134e86f4715f4231493d0a42cd64aa6669eb02",

    "b692eaca8a9a1c313f6c23f53f122d2a3b0b5fe1e32563adcbc9a748e85f1f68".


    New samples of the WHQL RootKits Bitdefender cannot detect.


    Regards

  • Flexx (Defender of the month mod)

    Hashes have been shared with the malware researchers.

    Regards

    OMEN Laptop 15-en1037AX (Bitdefender Total Security) & Samsung Galaxy S22 Ultra (Bitdefender Mobile Security)
